Ransomware Virus you could lose all your photos documents etc

Discussion in 'Computer Corner' started by JWK, Sep 1, 2016.

    JWK Gardener Staff Member

    Mrs JWK just got her laptop infected by a nasty virus which means she lost all her files.

    Basically this .Locky virus encrypts all your photos, music, videos, word documents, spreadsheets etc and demands a ransom for the key, which is £1,200+ in Bitcoins! There is no way to get these files back without paying.

    So I'm warning you to be on the lookout for it, don't open any email attachments unless you recognise and trust the sender. Mrs JWK knows this but somehow it got through. I've looked at her recent email and can't see anything suspicious, after a scan I can only lay the blame on Adware opening a back door.

    The virus (there are several) searches all your disks, mapped drives, Netware Attached Storage - even if you use cloud backup/sync services too. It even wipes out any shadow copies if you use that feature.

    The best protection is to back up, back up, back up to a removable USB disk - don't leave it attached as the virus will find it.

    The advice is to not pay the ransom to these crooks as it obviously encourages them and pays for the next generation of even more nasty stuff. It is quite likely the crooks will run off with the money anyway and who knows what this is funding? Apparently they are making huge sums as some businesses are paying up.

    Luckily Mrs JWK doesn't use her laptop for much apart from emails so she only lost a handful of files. It would have been a disaster if it had got onto my PC as that's where we keep all our family photo collection, over 16 years' worth of irreplaceable digital images.
     

      shiney President, Grumpy Old Men's Club Staff Member

      Thanks for the warning. :blue thumb:
       

        Fat Controller 'Cuddly' Scottish Admin! Staff Member

        I would strongly recommend everyone to download and install Malwarebytes - it is a free program (there is a paid version with more features if you feel the need to), and it is fantastic at not only getting rid of ransomware but also at preventing it getting into your PC in the first place.

        Always remember - only open emails from known sources, and definitely DO NOT open any attachments, even if they claim to be invoices, bills or prize certificates.

        I generally always advise people to run Mozilla Firefox, for which there is an ad-blocker available to block adverts on sites that you do not trust - Adblock Ultimate is the best one because it allows you to 'whitelist' sites that you know and wish to support by allowing advertising (such as GC).

        If you are unfortunate enough to get a virus like this, the first thing is DO NOT PANIC, and DO NOT PAY ANYTHING!

        I have never come across a case yet where I have not been able to get shot of the viruses, without spending any money. Admittedly, this may well be very difficult to do remotely; however, I am more than happy to offer advice as to how to proceed, so please feel free to ask.

        @JWK - did the laptop get sorted, or can I help in any way?
         

          shiney President, Grumpy Old Men's Club Staff Member

          @fat controller I seem to remember that the free version of Malwarebytes doesn't allow you to set it to scan automatically or update automatically. Does it still check everything that comes in?
           

            Fat Controller 'Cuddly' Scottish Admin! Staff Member

            It doesn't scan automatically, but requires the user to run it periodically (the paid version does it automatically in the background); however, the manual scan coupled with a decent anti-virus program should see you remain clear of any problems.

            I am a big fan of Firefox being part of the 'suite' too, as the ad-block helps ensure that you are not bombarded with pop-up advert windows (they are the dangerous ones - you click on a perfectly legitimate link and it opens an advert window you don't see, and then that in turn opens a load more and before you know it you have a virus).

            It is no different to real life really, hygiene is all important - if you don't practice good hygiene you are going to get a nasty bug.
             

              JWK Gardener Staff Member

              Yes, I sorted it OK, many thanks.

              There is no sign of the virus because after it has encrypted all user files and put the ransom message on the desktop it then deletes itself. The big problem is that the user files are unreadable and there is no known decrypter. If you don't have a backup you are stuffed.

              In our case I did a system restore followed by a "restore previous versions" in each folder. The .Locky virus normally deletes previous versions, luckily it failed this time so I didn't have to resort to our USB HDD archive. So Mrs JWK got all her files back although one was a couple of months out of date. No real harm done just a couple of hours wasted. It's made me think a lot more about the security of all our digital files and tighten up our backup regime.

              In particular I have been relying on a couple of NAS systems, a freeware archive utility along with the excellent Windows 10 Time Machine feature. Now I realise my setup is vulnerable to this latest generation of crypto ransomware viruses.
               

                shiney President, Grumpy Old Men's Club Staff Member

                I have Avast (set on automatic scans, three times a day, and automatic updates) but how often should I run Malwarebytes?
                 

                  shiney President, Grumpy Old Men's Club Staff Member

                  I thought that if you didn't bother to wash then the smell would keep the bugs away.
                   

                    Fat Controller 'Cuddly' Scottish Admin! Staff Member

                    I would say monthly, unless you have a notable problem (computer slow down or odd behaviour); CCleaner is another excellent little program for clearing out the rubbish from your PC and keeping it running sweet. Again, running it monthly is sufficient for most domestic PCs.
                     

                      CanadianLori Total Gardener

                      I never open email attachments without knowing the source.

                      And then there is the other type of alert.... Everybody wants to get together with me because I'm friendly.....and er, desirable. I'm no longer roping in gents to go out to see the bluebells so I know without looking at the source that it's a hoax :roflol:
                       

                        HarryS Eternally Optimistic Gardener

                        Just updated Malwarebytes last weekend, and it seems to be checking for malicious websites. Could be just the free trial 30 day version? Good tip to disconnect your external disc drive that I use for back up.
                         

                          clueless1 member... yep, that's what I am:)

                          The virus writer's best friend is the person that leaves the default Windows setup.

                          The default setup has you log in automatically as administrator. That means any application you run automatically has full and unrestricted access to your entire system. One of the simplest security measures anyone can do is simply add a new user account, without superuser privileges, and use that as the default account. That way any stealth downloads are powerless to install anything or mess with anything without at least prompting you to ask for admin privileges.
                           

                            shiney President, Grumpy Old Men's Club Staff Member

                            Ahh! My emails are still getting through. :thumbsup: :whistle: :loll:
                             

                              shiney President, Grumpy Old Men's Club Staff Member

                              The trouble with that is that I don't understand a word you have said :dunno: :sad: :scratch:
                               

                                clueless1 member... yep, that's what I am:)

                                And the trouble with Windows is that most of its users also don't understand that. It is marketed as an operating system that non-techies can use. In that respect it is seriously flawed in my opinion. It should either be left as is but marketed as a system requiring tech knowledge, which would reduce its popularity, or it should be changed to guide a non-techie to create and set as default a normal user account on first use.

                                To be entirely fair to Microsoft though, I don't think it's entirely their fault. When they do the OEM terms for PC and laptop builders they give too much freedom. The likes of Dell and other names should configure their standard build correctly, but they won't because they don't want to add what is perceived as a layer of inconvenience for their customers. That layer of inconvenience being the cyber equivalent of the layer of inconvenience that most of us have on the main doors into our houses, i.e. locks that need a key to open them.
                                 
                                  Last edited: Sep 2, 2016
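
The standard-account advice given in this thread, as an added PowerShell example that is not part of any post: it reports which enabled local accounts are administrators and can create a non-admin account for everyday use. It assumes Windows 10 with PowerShell 5.1 and its built-in local accounts cmdlets; the account name `daily` and the function names are hypothetical.

```powershell
#Requires -Version 5.1
# Audit which local accounts hold administrator rights, then (optionally)
# create a standard account for everyday use.
# 'daily' is a hypothetical account name chosen for this example.

$AdminsSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators
$UsersSid  = 'S-1-5-32-545'   # well-known SID of BUILTIN\Users

function Get-LocalAdminReport {
    # Enabled local accounts, flagged by direct Administrators membership.
    $adminSids = Get-LocalGroupMember -SID $AdminsSid |
        ForEach-Object { $_.SID.Value }
    Get-LocalUser | Where-Object Enabled | ForEach-Object {
        [pscustomobject]@{
            Name      = $_.Name
            IsAdmin   = $adminSids -contains $_.SID.Value
            LastLogon = $_.LastLogon
        }
    }
}

function Test-CurrentUserIsAdmin {
    # Compares SIDs against the group's member list, so the result is true
    # for an administrator account even when this session is not elevated.
    $me = [Security.Principal.WindowsIdentity]::GetCurrent().User.Value
    $adminSids = Get-LocalGroupMember -SID $AdminsSid |
        ForEach-Object { $_.SID.Value }
    $adminSids -contains $me
}

function New-StandardUser {
    param([Parameter(Mandatory)][string]$Name)
    # Needs an elevated prompt. The password is typed in, never hard-coded.
    $password = Read-Host -AsSecureString "Password for $Name"
    $user = New-LocalUser -Name $Name -Password $password `
        -Description 'Everyday standard account'
    Add-LocalGroupMember -SID $UsersSid -Member $user
    $user
}

Get-LocalAdminReport | Format-Table -AutoSize
if (Test-CurrentUserIsAdmin) {
    Write-Warning 'This account is a local administrator; use a standard account for daily work.'
    # New-StandardUser -Name 'daily'    # uncomment to create the account
}
```

A standard account blocks unprompted system-wide changes such as deleting shadow copies, but every file that account can write, including mapped drives and an attached backup disk, is still exposed. The disconnected USB backup recommended earlier in the thread is still needed.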